This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-03-30
@orestis we switched from “native” mongo ObjectIds to randomly generated ObjectIds because you can “guess” the possible values of the next couple of ObjectIds, which makes for an attack surface.
Oh, and if you’re a saas thingy, do consider using https://www.hackerone.com. It’s like an ongoing pen-test
Is this a company that does pen tests? Or something more like https://www.zaproxy.org/
They help set up bounty programs, and have a bunch of hackers which try to hack orgs (like ardoq)
The hackers are incentivised to learn the app, and they find so much more than your yearly pentest does.
And your org is incentivised to keep the app secure, as it pays for every security bug found.
Oh that’s nice. We had a pentest which found some things but missed some glaring ones. Cost an arm and a leg and was very stressful since it was time bound.
Is there pricing guidance on what to expect? I would hope the costs are bounded and there are NDAs... a bunch of random “hackers” trying to get in sounds scary if they’re not bound by some contract.
Good morning!
Good morning :hugging_face: